From APUE
When we execute a program file, the effective user ID of the process is usually the real user ID. However, we can also set the set-user-ID bit in the file’s mode word (
st_mode) that says, ‘‘When this file is executed, set the effective user ID of the process to be the owner of the file (st_uid).’’For example, if the owner of the file is the superuser and if the file’s set-user-ID bit is set, then while that program file is running as a process, it has superuser privileges. This happens regardless of the real user ID of the process that executes the file. As an example, the UNIX System program that allows anyone to change his or her password,
passwd(1), is a set-user-ID program. This is required so that the program can write the new password to the password file, typically either/etc/passwdor/etc/shadow, files that should be writable only by the superuser. Because a process that is running set-user-ID to some other user usually assumes extra permissions, it must be written carefully.
Assume the set-user-ID bit in a program file is set.
When does changing the process' effective user ID to be the owner of the file happen, before or after the kernel decides that the process can execute the file via the file access test?
If "before", since the process' effective user ID is changed to be the owner of the file first, doesn't the kernel always decide that the process can execute the file via the file access test?
If "after", since the kernel decides that the process can execute the file via the file access test, the process must have the effective ID matching the file's owner and the file also has the permission bit set. Then why is there a need to still change the effective user ID of the process to be the owner of the file?
Thanks.
execvehas? That is not the case; a kernel-mode process has permissions equal to or exceeding that of user-mode root, no matter what uid the user process is.